[IPV6]: Disallow RH0 by default (CVE-2007-2242)

A security issue is emerging. Disallow Routing Header Type 0 by default as we have been doing for IPv4. This version already includes a fix for the original patch. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Adrian Bunk <bunk@stusta.de>
author: Adrian Bunk <bunk@stusta.de> 2007-05-01 01:31:47 +0200
committer: Adrian Bunk <bunk@stusta.de> 2007-05-01 01:31:47 +0200
commit: 5225791117b564cd8b5683cf82d9eea45b0f0d59 (patch)
tree: f3fc7af96ac222ed53dc415d062a13b3147d1ac5 /Documentation
parent: ca80e5b5767e8a2bf0714f9797b872258e500ee6 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 26364d06ae9..d512f227dda 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -723,6 +723,15 @@ accept_redirects - BOOLEAN
 	Functional default: enabled if local forwarding is disabled.
 			    disabled if local forwarding is enabled.
 
+accept_source_route - INTEGER
+	Accept source routing (routing extension header).
+
+	> 0: Accept routing header.
+	= 0: Accept only routing header type 2.
+	< 0: Do not accept routing header.
+
+	Default: 0
+
 autoconf - BOOLEAN
 	Autoconfigure addresses using Prefix Information in Router 
 	Advertisements.
author	Adrian Bunk <bunk@stusta.de>	2007-05-01 01:31:47 +0200
committer	Adrian Bunk <bunk@stusta.de>	2007-05-01 01:31:47 +0200
commit	5225791117b564cd8b5683cf82d9eea45b0f0d59 (patch)
tree	f3fc7af96ac222ed53dc415d062a13b3147d1ac5 /Documentation
parent	ca80e5b5767e8a2bf0714f9797b872258e500ee6 (diff)